PT-2021-17757 · Cohesity · Cohesity Dataplatform
Heiko Reese
+1
·
Published
2021-04-02
·
Updated
2022-07-12
·
CVE-2021-28124
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Cohesity DataPlatform versions 6.3 through 6.3.1g
Cohesity DataPlatform versions 6.4 through 6.4.1c
Cohesity DataPlatform versions 6.5.1 through 6.5.1b
Description:
A man-in-the-middle issue exists due to missing server authentication in the support channel of Cohesity DataPlatform. This allows an attacker to intercept the support channel UI session, potentially leading to unauthorized access or data manipulation.
Recommendations:
For versions 6.3 through 6.3.1g, update to a version later than 6.3.1g to resolve the issue.
For versions 6.4 through 6.4.1c, update to a version later than 6.4.1c to resolve the issue.
For versions 6.5.1 through 6.5.1b, update to a version later than 6.5.1b to resolve the issue.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cohesity Dataplatform